Hello,
Is it possible to create a package of Splunk universal forwarder with the complete configuration so that I can deploy through SCCM since I have more than 150 windows servers?
Have a look at the UF documentation, which has a chapter on how to do installs like that: http://docs.splunk.com/Documentation/Forwarder/7.0.2/Forwarder/InstallaWindowsuniversalforwarderremo...
Post back here if that still leaves any specific questions!
Yes it is possible and recommended for coherency between your forwarders.
One of the most important configurations, the deploymentclient.conf that allows to later control everything from the deployment server.
Put that in an app org_all_deploymentclient with deploymentclient.conf in the /local directory and your're good to go.
All subsequent actions can be done through Deployment Server
Once I install the forwarder then only i can use deployment server to install apps and config right.For 70 server how is it possible to deploy universal forwarder.Is it any way to create fully configured package.
Can you use an Ansible Playbook with the Splunk Installation and a copy of the app to all the servers?
Have you got any mass deployment tool?
I have an System Center Configuration Manager (SCCM)
Well then for each server, put the installer in each machine, untar it, start splunk, copy the app that contains the deploymentclient.conf, restart splunk and you're done.
Any further doubts about it?
Please let me know if the answer was useful for you. If it was, accept it and upvote. If not, give us more input so we can help you with that